ISC StormCast for Wednesday, May 1st, 2024

Released Wednesday, 1st May 2024

Episode Transcript
0:00

Hello and welcome to the Wednesday, May 1st, 2024 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

0:12

Came across yet another attack against NAS devices today. This time the target is the Zyxel NAS 326. Interestingly, this is a little bit of an older vulnerability. It was first described, including a proof of concept, late last year, I think it was November, and I haven't really seen any exploit attempts for this vulnerability so far. But yes, we are seeing exploit attempts now, so far just from one IP address, and it's attempting to download a script and run it. Sadly, I haven't been able yet to recover this particular script that is being attempted to be uploaded here. Could be that they only really make it accessible to IP addresses to which they just attempted to upload the script to, so there could be some firewall blocking going on there, or maybe we are a little bit too late here, since this started a couple of days ago and this malicious second stage was already removed again. It's an older vulnerability, so hopefully you got your systems already patched for this particular problem. Actually, two different problems sort of contribute here to it. The reason it sort of stuck out to me a little bit when I saw it was the odd URL format, where it's slash CMD comma and then the remainder of the URL. It's a POST request, and then the actual payload looks like it's sort of trying to install some kind of package here and then passing, as a standard command injection, this additional payload parameter.

1:57

And if you ever talked to a data scientist, a lot of their work, in particular when it comes to machine learning, of course these days AI, well, that is often done using the language R. R was designed around statistical computing, so it's very well versed in things like data visualization and machine learning. It does not typically allow the execution of sort of arbitrary operating system commands and such, but HiddenLayer, a machine learning and AI security company, did find a deserialization vulnerability in R that actually can lead to arbitrary code execution. Just like with any language, much of the code that you are running in R is actually downloaded from third-party repositories. There's something called the Comprehensive R Archive Network, or CRAN, that contains something like 20,000 packages according to HiddenLayer, and of course there would be ample opportunity for an attacker to offer a malicious payload that then takes advantage of this deserialization vulnerability. And the patch was released with R version 4.4.0.

3:14

And talking about supply chain vulnerabilities, JFrog has done some work with Docker to identify malicious Docker repositories. On Docker Hub, you usually have a short description of a particular project, and that description may include links for, for example, the documentation or such of the project. What JFrog found is that 20% of the repositories on Docker Hub are actually linking to either spam or, in some cases, some outright malicious content. Also interesting here is that these repositories don't even bother to actually publish a Docker image. That's sort of optional. It's really sort of the concept of Docker Hub. It's really somewhat of a collaborative platform, so a user legitimately may set up a repository and then never ever actually publish an image to it. But in this case it appears that these particular repositories were only set up in order to redirect victims to their malicious websites. In some cases just some simple spam, like typical sort of pill mill kind of stuff. JFrog and Docker identified 2.8 million repositories that follow this pattern and of course have removed them by now.

4:41

And if you have been in the IT industry for a while, you probably noticed the trend that any standard being used for direct attached storage will eventually be exposed over the network. It was of course the case with SCSI and iSCSI, and well, it's now the case with NVMe, or as they're now calling it, NVMe over Fabrics, which then can become NVMe over TCP. Given the increased speed of networks in the hundred-gigabit range and the like, it envisions that you have this pool of NVMe drives that are directly accessible over the network. Security company CyberArk now took its syzkaller fuzzer in order to test the NVMe over TCP implementation in the Linux kernel. Shouldn't be a huge surprise, but they found five different vulnerabilities. And with these drivers running as kernel modules, these vulnerabilities then may lead to remote code execution in the kernel. Kind of nice that these bugs were found pretty early, sort of in the usage cycle of NVMe over TCP. So I hope that much of this will be fixed before it becomes too much of a problem. Of course, many of these protocols are not necessarily sort of designed for the open Internet.

6:17

Well, that is it for today. Thanks for listening. If you like this podcast, please tell your friends about it. Remember, it's available via YouTube, via your Amazon Echo, and of course on all of the major podcast platforms. Thanks and talk to you again tomorrow.
